Description
Apache for Win32 before 1.3.24, and 2.0.x before 2.0.34-beta, allows remote attackers to execute arbitrary commands via shell metacharacters (a | pipe character) provided as arguments to batch (.bat) or .cmd scripts, which are sent unfiltered to the shell interpreter, typically cmd.exe.
Remediation
References
Related Vulnerabilities
ProjectSend Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2019-11378)
MySQL CVE-2021-35622 Vulnerability (CVE-2021-35622)
WordPress Plugin Ninja Forms with File Uploads Extension Arbitrary File Upload (3.3.0)
Dolibarr Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2017-9840)
Oracle Application Server Other Vulnerability (CVE-2006-5360)